Experian: password theft soars 300% to 12 million in the first quarter

Illegal online trading of stolen personal information such as passwords soared 300% during the first four months of 2012, according to the latest research from Experian CreditExpert and market research agency Opinion Matters.

Experian concluded that 12 million pieces of personal information were illegally sold during the four-month period, 90% of which consisted of login details and passwords. The figures dwarf the credit agency's data for last year, which totaled 9.5 million.

"The reason password and login combinations make up nine out of ten illegally traded pieces of data is because they give access to a huge amount of other valuable information, such as address books and related accounts," said Peter Turner, managing director at Experian Consumer Services in the UK and Ireland.

The research suggested consumers were still not being as careful online as they could be, and revealed that Britons on average used just five different passwords for their 26 online accounts. It also revealed that a quarter of British internet users used a single password for most of their online profiles and accounts.

Experian urges consumers to create different strong passwords for each site, but Websense Security Labs senior manager Carl Leonard disagrees that strong passwords are enough to protect important data.

"They're as strong as a simple lock against professional thieves. Passwords can be guessed, cracked or stolen through social engineering," Leonard said. "Worse still, businesses can be attacked and stories of breached password databases make for uneasy reading. Businesses need to think carefully how they secure password information for which they are responsible -- encrypting password records and securing the database makes good sense."

So far this year, an increasing number of sites have succumbed to hackers, with breaches resulting in millions of passwords being published online. With identity theft increasing, it's important to make online accounts as secure as possible.

Leading security authorities recommend passwords at least eight characters long with a mixture of lower and upper case letters, numbers and special characters -- but most importantly, that they are different for each online account you have. Services like LastPass can also help by creating randomly generated passwords for each of your online accounts with one master password to remember.